From 595429e6e514aab20ac75a714cf2891bd3c1264c Mon Sep 17 00:00:00 2001
From: denise
Date: Wed, 30 Jan 2013 11:51:27 -0500
Subject: [PATCH] CC-4897: XSS exploit on library page -fixed
---
 airtime_mvc/application/controllers/LibraryController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index 1e3ac996a..15ae12944 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action
 $formValues = $this->_getParam('data', null);
 $formdata = array();
 foreach ($formValues as $val) {
- $formdata[$val["name"]] = $val["value"];
+ $formdata[$val["name"]] = htmlspecialchars($val["value"]);
 }
 $file->setDbColMetadata($formdata);
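Review bot: Escaping inside the `foreach` loop, before `$file->setDbColMetadata($formdata)`, means the database holds HTML-encoded text instead of what the user typed. Any other code path that writes the same metadata columns (none is visible in this hunk) stays unescaped, and any view that already escapes on output will double-encode (`&amp;amp;`). Encoding where the value is rendered into the library page is the more durable fix. If encode-on-write is kept, spell out flags and charset, `htmlspecialchars($val["value"], ENT_QUOTES, 'UTF-8')`, since the default flags of PHP releases from this period leave single quotes untouched. I would also add a comment on that line naming the output context the encoding is meant for; the enclosing action starts and ends outside the hunk, so its render path cannot be confirmed from here.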